“Is my password secure?” It’s an important question to ask yourself in this age of ever-evolving cybersecurity threats. With hackers perpetually developing more sophisticated cyberthreats, there’s no point in making their jobs easier by creating a password that’s easy to bypass. The strength of your password is key to protecting your website, personal data and other important information. With that in mind, here are some guidelines for assessing your passwords’ security, finally answering the question: Is your password secure?
How Secure Is Your Password If It’s Short?
When choosing or creating a password for your online accounts, it’s best to pick one that’s difficult for a hacker to guess. When asking yourself “Is my password secure enough?” take the password’s length into consideration. Is your password secure if it consists only of the website’s character minimum? Maybe, but not as secure as it could be. A long password is harder for a bad actor to guess than a shorter one. When assessing the question, “Is my password secure?” consider using a password that’s at least 12 characters long. As many as 16 to 20 characters is ideal.
How Secure Is Your Password If It Includes Personal Information?
Is your password secure if it references names or dates? People often insert birthdates, names of pets, and other personal signifiers to create a password that’s easy to remember. Unfortunately, these details can easily be gleaned from social media or other sources by bad actors looking to gain access to your accounts. In fact, you’re better off avoiding dictionary words or combinations of dictionary words entirely. Your best bet is to construct a password from a lengthy combination of letters, numbers, and special characters. If the application is case-sensitive, alternating between uppercase and lowercase letters can also bolster your password’s security. If you’re worried about not being able to remember a lengthy string of seemingly random characters, try using a password manager to safely create, store, and fill in your passwords. That way, you’ll ideally only have to remember one password: the one you use to access your password manager.
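The two sections above can be turned into a simple policy check. The following is an added example, not code from the original article: it scores a candidate password on length, character classes, an embedded dictionary word, and any personal details the caller supplies, and reports an upper-bound entropy estimate. The word list and the sample personal details are constructed for illustration; a real checker would use a full dictionary and breached-password list.

```python
"""Password-policy checker illustrating the length and content guidance (added example,
not from the original article). The word list below is a tiny constructed sample."""
import math
import string

# Constructed sample of dictionary words; a real deployment would load a full word list.
COMMON_WORDS = {"password", "welcome", "summer", "football", "dragon", "monkey"}


def charset_size(pw: str) -> int:
    """Size of the alphabet implied by the character classes actually used."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def entropy_bits(pw: str) -> float:
    """Upper bound on guessing entropy, assuming each character was chosen uniformly
    from the used alphabet. Real passwords are usually far below this bound."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def assess(pw: str, personal_info=(), min_len: int = 12, ideal_len: int = 16) -> dict:
    """Return the list of policy problems with `pw`; an empty list means it passes."""
    issues = []
    if len(pw) < min_len:
        issues.append(f"shorter than {min_len} characters")
    elif len(pw) < ideal_len:
        issues.append(f"shorter than the ideal {ideal_len} characters")
    low = pw.lower()
    for word in sorted(COMMON_WORDS):
        if word in low:
            issues.append(f"contains dictionary word '{word}'")
    for item in personal_info:  # pet names, birth years, etc. supplied by the caller
        if item and item.lower() in low:
            issues.append(f"contains personal detail '{item}'")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        issues.append("no mix of uppercase and lowercase letters")
    if not any(c.isdigit() for c in pw):
        issues.append("no digits")
    if not any(c in string.punctuation for c in pw):
        issues.append("no special characters")
    return {
        "length": len(pw),
        "entropy_bits": round(entropy_bits(pw), 1),
        "issues": issues,
        "passes": not issues,
    }


if __name__ == "__main__":
    # Constructed inputs: a pet name plus birth year, and a manager-generated string.
    print(assess("Fluffy2015", personal_info=["Fluffy", "2015"]))
    print(assess("Tq7#vL9!pR2$mX4&"))
```

The entropy figure is deliberately an upper bound: it tells you how much a password could be worth if it were random, while the issue list catches the ways real passwords fall short of that bound.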
Once an individual or organization makes the decision to use a cloud service provider, the question of how to keep your data safe may come to mind. After all, when files containing sensitive information are being loaded to the internet, it’s important to make sure this content is only accessed by authorized users. With that in mind, below are several cloud security best practices that should be considered to keep your data protected.
Find a Provider You Can Trust
When it comes to cloud-based cyber security, you really can’t be too careful when selecting your cloud service provider (CSP). Look at things like the security measures offered, standards compliance, service level, and manageability. Also ask how much time you will have to spend and whether you will share responsibility for implementing your cloud-based security. Whichever CSP you choose, read your contracts thoroughly so you have a clear understanding of expectations and deliverables.
Train Personnel in Security Protocols
The key reason for including this step in our cloud security best practices is that the safety of your cloud storage begins with the people who will be using it. For example, if your policy requires users to log out at the end of every work day, a session left logged in could give unauthorized users access to something they are not supposed to see.
Don’t Give Everyone Access
You likely know that not everyone needs administrative access. However, you also don’t need to give everyone access to all system files. Compartmentalizing access could be a simple way of reducing risk in your cloud-based cyber security.
Cyberattacks Against Online Retail Continue to Rise
The growth of online retail has been followed closely by an acceleration in cyberattacks. Unlike many traditional brick-and-mortar (B&M) stores that were forced to close during the Covid-19 pandemic, online retail has experienced a boom. While the World Economic Forum reported that the move to stay at home resulted in a decrease in virus numbers, researchers at Salesforce reported that global digital sales grew by 36%, year-on-year, to December 2020.
As expected, cybercriminals are ‘following the money’ with the result that the retail industry is seeing an uptick in cyber-attacks as online transactions soar.
The Cyber-Threat Landscape and the Online Retailer in 2021
Online retail is predicted to experience a staggering £5.9 billion ($8.1 billion) worth of losses each year because of cyber-attacks. And according to a recent Ponemon study, a cyber-attack affecting an online retailer costs over $2 million on average.
Cybercriminals use several methods to target vulnerable e-commerce sites, including:
Web Application Attacks
Online retail is the go-to target for many web-borne cyber-attacks. The 2020 Verizon Data Breach Investigations Report (DBIR) revealed that in 43% of all data breaches, web applications were the target. Over the course of 2020 there was an increase of around 800% in web application-based attacks. The most common attack types on web applications include remote code execution, data leakage, and cross-site scripting (XSS).
Credential Stuffing and Online Retail
Credential stuffing uses previously stolen login credentials in an attempt to take over an account. Akamai, a vendor that monitors credential stuffing attacks, found that the retail sector was the most targeted for this form of attack. Attack detections in the commerce category of its report reached 64 billion credential stuffing attempts between 2018 and 2020, and the retail sector accounted for around 90% of all such attacks in the category.
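Credential stuffing has a recognisable signature in authentication logs: one source cycles through many different usernames in a short window, with mostly failures and the occasional success. The detector below is an added example, not Akamai’s or the original article’s code. The log line format, the sample log, and the thresholds (five failures across five distinct accounts within five minutes) are assumptions made for the illustration.

```python
"""Sliding-window credential-stuffing detector over constructed auth log lines
(added example, not from the original report). Log format and thresholds are assumed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> auth OK|FAIL user=<name> ip=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample: one address tries six different accounts in six seconds and then
# succeeds on a seventh; a normal user mistypes their own password twice and then gets in.
SAMPLE_LOG = """\
2021-03-01T10:00:01 auth FAIL user=ann ip=203.0.113.7
2021-03-01T10:00:02 auth FAIL user=ben ip=203.0.113.7
2021-03-01T10:00:03 auth FAIL user=cai ip=203.0.113.7
2021-03-01T10:00:04 auth FAIL user=dee ip=203.0.113.7
2021-03-01T10:00:05 auth FAIL user=eli ip=203.0.113.7
2021-03-01T10:00:06 auth FAIL user=fay ip=203.0.113.7
2021-03-01T10:00:07 auth OK user=gia ip=203.0.113.7
2021-03-01T10:01:00 auth FAIL user=pat ip=192.0.2.5
2021-03-01T10:01:10 auth FAIL user=pat ip=192.0.2.5
2021-03-01T10:01:20 auth OK user=pat ip=192.0.2.5
this line is not a login event and is skipped
"""


def parse(text: str) -> list:
    """Parse log text into event dicts sorted by timestamp; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, window=timedelta(minutes=5), min_failures=5, min_distinct_users=5):
    """Flag source IPs whose recent failures span many distinct accounts.

    A source is flagged when, inside `window`, it has at least `min_failures` failed logins
    across at least `min_distinct_users` different usernames. A repeated failure on one
    account (a forgetful user) does not meet the distinct-user bar.
    """
    recent = defaultdict(deque)   # ip -> (timestamp, user) failures still inside the window
    successes = defaultdict(int)  # ip -> successful logins seen anywhere in the log
    flagged = {}
    for e in events:
        ip = e["ip"]
        if e["result"] == "OK":
            successes[ip] += 1
            continue
        q = recent[ip]
        q.append((e["ts"], e["user"]))
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {user for _, user in q}
        if len(q) >= min_failures and len(distinct) >= min_distinct_users:
            flagged[ip] = {
                "failures": len(q),
                "distinct_users": len(distinct),
                "last_seen": e["ts"].isoformat(),
            }
    # A success from a flagged source is the likely account takeover and deserves priority.
    for ip, info in flagged.items():
        info["successes"] = successes[ip]
    return flagged


if __name__ == "__main__":
    for ip, info in detect(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

The distinct-user requirement is what separates stuffing from an ordinary lockout scenario; in production the same logic would run per source over streaming events, and a flagged source with a success would trigger forced re-authentication on that account.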
Distributed Denial of Service (DDoS)
A DDoS attack uses (often) thousands of malware-infected ‘bot’ devices to send malicious traffic to target websites. These bots are directed to overwhelm a website or web server and cause it to crash. Amazon Web Services (AWS) was hit with the largest DDoS attack in history during 2020. The cyber-attack affected thousands of retailers that depended on online sales to maintain their business during the pandemic.
Events and phishing
Cybercriminals love an event. By focusing their campaigns on big calendar happenings in the retail world, hackers can use social engineering tricks to create successful phishing campaigns. In the run-up to Black Friday 2020, a surge in phishing attacks related to the event was detected. A Check Point report found a 13x increase in phishing emails in the six weeks to Black Friday. The rate of phishing in November 2020 was around one in every 826 emails delivered, compared to less than one in 11,000 at the start of October. Check Point explains that the likely reason for the increase is cybercriminals capitalizing on people staying at home and shopping online.
The world of retail is increasingly dependent on API calls to look up information, check customer identity, and perform transactions. But APIs are a potential security weak spot. Attacks on retail APIs during 2020 far exceeded the levels of previous years, according to research. Popular attack vectors include cross-site scripting (XSS) and SQL injection.
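Both vectors named above come down to the same mistake, mixing untrusted input into a statement or document that is then interpreted, and both have the same shape of fix. The snippet below is an added example, not the code of any retailer or of the cited research: a product-lookup handler built on an in-memory SQLite table constructed here, shown in a vulnerable form (string formatting into SQL, raw interpolation into HTML) beside its hardened form (bound parameters, HTML escaping).

```python
"""Vulnerable and hardened versions of a product-lookup API handler
(added example; the table and rows are constructed here, not taken from any real site)."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory product table with a column customers should never see."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (sku TEXT, name TEXT, price REAL, internal_note TEXT)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [
            ("A100", "Running shoes", 79.0, "supplier margin 40%"),
            ("B200", "Rain jacket", 120.0, "recall pending"),
        ],
    )
    return conn


def lookup_vulnerable(conn, sku: str) -> list:
    # The caller's text is spliced into the statement, so it can change the query's logic.
    query = f"SELECT name, price FROM products WHERE sku = '{sku}'"
    return conn.execute(query).fetchall()


def lookup_hardened(conn, sku: str) -> list:
    # Bound parameters keep the value as data; the database never parses it as SQL.
    return conn.execute(
        "SELECT name, price FROM products WHERE sku = ?", (sku,)
    ).fetchall()


def render_vulnerable(name: str) -> str:
    # Whatever is stored or supplied lands in the page as live markup (stored/reflected XSS).
    return f"<h1>{name}</h1>"


def render_hardened(name: str) -> str:
    # Escaping turns <, >, &, and quotes into entities so the browser shows them as text.
    return f"<h1>{html.escape(name)}</h1>"


if __name__ == "__main__":
    db = make_db()
    print(lookup_hardened(db, "A100"))
    print(render_hardened("<b>Sale</b> shoes"))
```

The hardened lookup returns nothing for a tautology-style input because the whole string is compared against the `sku` column as a literal value; the vulnerable one returns every row. The same division of labour applies to APIs returning JSON: encode output for the context it is rendered in, and never build the query from the request body.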
Content management system (CMS) frameworks, used as platforms by many online retail outlets, are a target for cyber-attacks. One of the most infamous recent attacks of this nature was the attack on the UK airline British Airways (BA). The company was fined around £20 million ($27 million) for a breach that affected 185,000 reward program customers and a further 380,000 users of the airline’s app and website. The company is now expecting a customer settlement bill of around £3 billion. The breach occurred when a malicious script comprising 22 lines of code was inserted into the BA website. A vulnerability in a web element allowed the hack to occur. Once in situ, the code facilitated a transfer of data to ‘baways.com’, a domain that looks very similar to the legitimate ‘britishairways.com’.
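Two browser-side controls limit exactly the kind of injected-script attack just described: Subresource Integrity (SRI), which makes the browser refuse a script whose hash does not match the one recorded in the page, and a Content Security Policy (CSP) that restricts where scripts may load from and where the page may send data. The code below is an added example, not code from British Airways or the original article; naming these two controls as mitigations is this section’s addition. The script bodies are constructed stand-ins.

```python
"""Subresource Integrity values and a restrictive Content-Security-Policy header
(added example; the script bodies below are constructed, not real site code)."""
import base64
import hashlib
import hmac

# Constructed stand-ins for a legitimate checkout script and a modified copy of it.
ORIGINAL_SCRIPT = b"function checkout(form) { return submitToGateway(form); }\n"
TAMPERED_SCRIPT = ORIGINAL_SCRIPT + b"/* unexpected addition */\n"


def sri_integrity(script: bytes, algo: str = "sha384") -> str:
    """Value for a <script integrity="..."> attribute: '<algo>-<base64 digest>'."""
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI only permits sha256, sha384 or sha512")
    digest = hashlib.new(algo, script).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def matches_integrity(script: bytes, integrity: str) -> bool:
    """Server-side or monitoring check: does the script being served still match the
    integrity value recorded when it was approved? Constant-time comparison avoids
    leaking how many leading characters matched."""
    algo, _, _ = integrity.partition("-")
    return hmac.compare_digest(sri_integrity(script, algo), integrity)


def csp_header(allowed_script_hosts) -> str:
    """Build a policy allowing scripts only from this origin and the listed hosts, and
    forbidding fetches and form posts to anywhere but this origin, so an injected
    script cannot ship captured form data to a look-alike domain."""
    script_src = " ".join(["'self'", *allowed_script_hosts])
    directives = [
        "default-src 'self'",
        f"script-src {script_src}",
        "connect-src 'self'",
        "form-action 'self'",
        "object-src 'none'",
        "base-uri 'self'",
    ]
    return "; ".join(directives)


if __name__ == "__main__":
    approved = sri_integrity(ORIGINAL_SCRIPT)
    print("integrity attribute:", approved)
    print("original still matches:", matches_integrity(ORIGINAL_SCRIPT, approved))
    print("tampered copy matches:", matches_integrity(TAMPERED_SCRIPT, approved))
    print("Content-Security-Policy:", csp_header(["https://cdn.example"]))
```

SRI only protects resources loaded via `<script>` and `<link>` with an `integrity` attribute, and the recorded value must be regenerated whenever the legitimate script legitimately changes; the CSP `connect-src` and `form-action` directives are what actually block the data transfer even if a script does get modified. Hosts passed to `csp_header` are placeholders here.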
Other client-side attacks include the misuse or incorrect implementation of secure internet communications. Securing data in transit, for example, is vital to maintaining data security. Using encrypted communication protocols such as Transport Layer Security (TLS) when transmitting data across Wi-Fi or other networks prevents man-in-the-middle attacks, which otherwise result in the theft of login credentials.
Online shopping for food, medicines, and other essentials has been a vital service during the pandemic. With more people choosing to shop online, the trend is expected to continue. Online retailers can offer a secure shopping experience to customers by taking precautions and closing off the routes to a cyber-attack.
WebTitan protects your business and customers against all cyberattacks. Find out how you can better protect your organization from cyberattacks in 2021 and start a 30-day free trial today!